
Configure ARP and Proxy ARP

Without ARP your packets can’t traverse the network. In fact, the entire internet would grind to a halt. In this lab we cover a simple ARP and Proxy ARP scenario.

 



Lab Details

Lab Objective:

The objective of this lab exercise is for you to learn and understand how ARP and Proxy ARP are used by the router to encapsulate a packet before it is sent to a neighbor device.

Lab Purpose:

You must understand how ARP works to pass the CCNA exam. You could well be faced with an ARP-related issue to troubleshoot in the exam or in the real world.

Lab Tool:

Packet Tracer

Lab Topology:

Please use the following topology to complete this lab exercise:

[Figure: lab topology diagram]

Lab Walkthrough:

Task 1:

Configure the hostnames on routers R1, R2, and R3 as illustrated in the topology. We cover this in other labs as well as a simple Packet Tracer tutorial.

Router#config t
Enter configuration commands, one per line.  End with CTRL/Z.
Router(config)#hostname R1
R1(config)#

Router#config t
Enter configuration commands, one per line.  End with CTRL/Z.
Router(config)#hostname R2
R2(config)#

Router#config t
Enter configuration commands, one per line.  End with CTRL/Z.
Router(config)#hostname R3
R3(config)#

Task 2:

Configure the IP addresses on the Ethernet interfaces of R1, R2, and R3 as illustrated in the topology (.1 for R1 and .2 for R2, and then .1 and .2 between R2 and R3).

Add static routes so that R1 can ping the host address on R3 and R3 can return the ping. Then check the ARP cache on R1. A default route for all traffic to leave via the Ethernet interface will do.

R1(config)#int f0/0
R1(config-if)#ip add 10.0.0.1 255.0.0.0
R1(config-if)#no shut
R1(config-if)#ip route 0.0.0.0 0.0.0.0 f0/0

R2(config)#int f0/0
R2(config-if)#ip add 10.0.0.2 255.0.0.0
R2(config-if)#no shut

R2(config)#int f0/1
R2(config-if)#ip add 192.168.1.1 255.255.255.0
R2(config-if)#no shut

R3(config)#int f0/1
R3(config-if)#ip add 192.168.1.2 255.255.255.0
R3(config-if)#no shut
R3(config-if)#ip route 0.0.0.0 0.0.0.0 f0/1

Task 3:

Use the correct show commands to check:

  1. The ARP cache on R1. What are the times for the learned addresses? Which will not time out, and how can you tell?
  2. What is the entry for R3 and why is it the same as the R2 Ethernet interface?
  3. What does the “–” in the ARP table mean?

Note that your MAC address entries may differ from mine.

R1#show arp
Protocol  Address          Age (min)  Hardware Addr   Type   Interface
Internet  10.0.0.1                –   c213.0a9a.0000  ARPA   F0/0
R1#
R1#ping 10.0.0.2

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.0.0.2, timeout is 2 seconds:
.!!!!
Success rate is 80 percent (4/5), round-trip min/avg/max = 16/21/24 ms
R1#
R1#
R1#show arp
Protocol  Address          Age (min)  Hardware Addr   Type   Interface
Internet  10.0.0.1                –   c213.0a9a.0000  ARPA   F0/0
Internet  10.0.0.2                0   c214.0a9a.0000  ARPA   F0/0
R1#ping   192.168.1.2

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.1.2, timeout is 2 seconds:
..!!!
Success rate is 60 percent (3/5), round-trip min/avg/max = 12/30/40 ms
R1#show arp
Protocol  Address          Age (min)  Hardware Addr   Type   Interface
Internet  10.0.0.1                –   c213.0a9a.0000  ARPA   F0/0
Internet  10.0.0.2                0   c214.0a9a.0000  ARPA   F0/0
Internet  192.168.1.2             0   c214.0a9a.0000  ARPA   F0/0

R3#show int f0/1
FastEthernet0/1 is up, line protocol is up
  Hardware is Gt96k FE, address is c215.0a9a.0001 (bia c215.0a9a.0001)
  Internet address is 192.168.1.2/24

R1#show arp
Protocol  Address          Age (min)  Hardware Addr   Type   Interface
Internet  10.0.0.1                –   c213.0a9a.0000  ARPA   F0/0
Internet  10.0.0.2                1   c214.0a9a.0000  ARPA   F0/0
Internet  192.168.1.2             0   c214.0a9a.0000  ARPA   F0/0
R1#
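An added example (not part of the original lab): a Python check over R1's final show arp output that flags what Task 3 asks you to notice, namely one MAC answering for several IPs and a learned entry outside the interface's connected network. That pattern is what Proxy ARP leaves in a cache, and it is also what a spoofed ARP reply looks like. The function names and the `connected` mapping are assumptions of this example.

```python
import ipaddress
import re
from collections import defaultdict

# R1's final ARP table, copied from the lab output (the page prints the age dash as "–").
SHOW_ARP = """\
Protocol  Address          Age (min)  Hardware Addr   Type   Interface
Internet  10.0.0.1                –   c213.0a9a.0000  ARPA   F0/0
Internet  10.0.0.2                1   c214.0a9a.0000  ARPA   F0/0
Internet  192.168.1.2             0   c214.0a9a.0000  ARPA   F0/0
"""

ROW = re.compile(
    r"^Internet\s+(?P<ip>\d+\.\d+\.\d+\.\d+)\s+(?P<age>\d+|[-–])\s+"
    r"(?P<mac>[0-9a-f]{4}\.[0-9a-f]{4}\.[0-9a-f]{4})\s+(?P<type>\S+)\s+(?P<intf>\S+)\s*$",
    re.IGNORECASE,
)

def parse_show_arp(text):
    """Return one dict per table row; age is None for non-aging (local) entries."""
    entries = []
    for line in text.splitlines():
        m = ROW.match(line.strip())
        if not m:
            continue  # header, prompt or blank line
        age = None if m["age"] in ("-", "–") else int(m["age"])
        entries.append({"ip": ipaddress.ip_address(m["ip"]), "age": age,
                        "mac": m["mac"].lower(), "intf": m["intf"]})
    return entries

def shared_macs(entries):
    """MACs that answer for more than one learned IP (Proxy ARP or spoofing)."""
    by_mac = defaultdict(list)
    for e in entries:
        if e["age"] is not None:  # skip the router's own interface addresses
            by_mac[e["mac"]].append(str(e["ip"]))
    return {mac: ips for mac, ips in by_mac.items() if len(ips) > 1}

def off_subnet(entries, connected):
    """Learned entries whose IP lies outside the interface's connected network."""
    nets = {intf: ipaddress.ip_network(cidr) for intf, cidr in connected.items()}
    return [str(e["ip"]) for e in entries
            if e["age"] is not None and e["intf"] in nets
            and e["ip"] not in nets[e["intf"]]]

if __name__ == "__main__":
    table = parse_show_arp(SHOW_ARP)
    print("shared MACs:", shared_macs(table))
    # F0/0 on R1 is 10.0.0.1 255.0.0.0 in this lab, i.e. 10.0.0.0/8
    print("off-subnet :", off_subnet(table, {"F0/0": "10.0.0.0/8"}))
```

On the lab table this reports c214.0a9a.0000 (R2's F0/0) answering for both 10.0.0.2 and 192.168.1.2, and 192.168.1.2 as off-subnet, while R3's real address c215.0a9a.0001 never appears on R1.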

 

Tips and notes:

This exercise becomes a lot more intuitive if you have a dedicated switch that you can log into and analyze traffic from within, as well as see how easy it is to stop an attack like this.


Read the ARP RFC here.

 
